Policy Brief No. 001 – August 2024.
Introduction
The year 2024 is characterised with a significant
number of general elections in Africa.
The continent is set to witness about twenty
presidential and parliamentary elections
throughout the year
1While elections remain at
the heart of democracy on the continent,
transparency and credibility of election results
have been subjects of various conversations and
policy demands. In recent years, there has been a
rapid increase in election petitions in Sub
Saharan Africa with grounds of irregularities
largely bordering on manipulation of digitised
voter databases, transmission and tabulation of
election results.
As election technologies are being widely
integrated into electoral processes across the
continent, cybersecurity has become a major
challenge for safeguarding the integrity of
elections. The increased use of digitised systems
in electoral activities has exacerbated potential
attack from both internal and external sources.
This policy brief examines the vulnerability of
digital technology in electoral processes in sub
saharan Africa and underscores existing
mitigating efforts by governments, civil society
organisations and international actors.
This brief will cite cases from Kenya and
Nigeria where election results were legally
disputed on grounds of irregularities in the
digital process and steps taken to improve the
safeguarding of credibility and transparency in
subsequent elections. It will finally offer
recommendations on enhancing election
cybersecurity, harmonising legislations,
fostering a resilient stakeholder collaboration
and strengthening public trust in the electoral
process, as part of policy research of the Africa
Center for Digital Transformation.
What is Election Technology?
Election Technology encompasses a wide
range of systems, equipment, and
procedures used in electoral processes. Key
election technologies include the following:
➔ Voter Registration System
➔ Voter Verification System
➔ Result Management System
➔ Voter Information System
➔ Election Security Technology
As at 2022, only 58 countries globally used
digital voter registers, 27 of which are
African countries.
How can Cyber threats undermine the
credibility of elections in Sub-Saharan
Africa?
Cyber threats in elections are risks that
Election Management Bodies(EMBs) and
their partners might face during pre-election,
election and post-election periods in the use
of technology. While these cyber threats
pose risks globally, their impacts can be
especially destabilising in fragile
democracies, many of which are in
Sub-Saharan Africa.
“In particular, a review of recent trends
indicates that EMBs and their partners may
face particular challenges when it comes to
protecting voter registration databases and
results tabulation and transmission systems
which are attractive targets for cyber attacks
to undermine stakeholder acceptance of
electoral outcomes”
There has been a worrying trend in the
region where Political leaders resort to
challenge the validity and credibility of
election results. More instructively, Ghana
has had two presidential election petitions
within the space of eight years, Kenya’s
electoral process of 2017 was marred with
an annulment of the presidential results for
the first time in the history of the country,
and recently, Nigeria’s election was subject
of litigation. While disputing outcomes of
election at the court of competent
jurisdiction is the constitutional laid down
electoral process, it is imperative to put
measures in place to avoid the immediate
tensions and in some cases violences that
characterise the outright rejection of
elections results by political actors. These
rejections mainly border on the lack of
confidence in the digital system and the
integrity of the electoral process with these
petitions citing technical errors, double
voting, tabulating errors and other forms
of illegal voting in the use of digital
technology. For example in the Kenyan
Presidential Petition, “it was argued that
there were significant discrepancies caused
by the delay in transmission of results from
some polling stations; irregularities in the
prescribed electoral forms submitted; failure
to provide access to system logs for
verification of results; and the failure of
systems’ security in hosting primary and
disaster recovery sites locally”.
The use of election technology exposes
electoral processes to cyber risks through the
following factors:
➔ Technical Hitches
➔ Human Interference
➔ Inadequate Infrastructure and Access
➔ Misinformation and Disinformation
The Kenyan approach in
mitigating election-related Cyber
risks
a. Promulgation of the Data Protection
Act.
b. Meta’s election operation centres.
c. Establishing local data centres.
Despite the evident flaws and potential
challenges with most of these measures,
Kenya could arguably boast about making
significant progress in election cybersecurity
driven by technologies. It is one of the first
countries in Sub-saharan Africa that has
used technology in the most critical part of
her elections such as registration of voters,
verification of electorates and transmission
for electoral results. These technological
progress should not be translated into the
lack of integrity and security of our
democracies, on the contrary a considerable
effort has been made (including
cybersecurity measures) in all countries
from around the world.
The Introduction and deployment of the
Kenya Integrated Electoral Management
System (KIEMS) has been one of the critical
steps in improving election cybersecurity in
the country. This consists of the biometric
voter registration, electronic voter
identification and results transmission-all
aimed at improving efficiency in election
materials distribution independence. The
adoption of KIEMS has not only aided the
modernisation of the electoral process but
has also served to streamline election
processes and safeguard cyber space through
enhanced mechanisms for the building of
the voters register, voter verification process
as well as accurate results transmission.
Beyond the technological arrangements to
cybersecurity threats in elections, Kenya has
deployed new legislative and regulatory
frameworks. The Data Protection Act (DPA)
which came into effect in 2019 ensures that
the processing of personal data and citizens’
privacy rights are thoroughly regulated
before, during and after elections. The DPA
has laid down norms governing the
gathering and handling of personal data to
ensure that it conforms with best practices
and also provides safety from cybersecurity
risks related to managing such information.
Finally, deploying local data centers within
the country to store and process
election-related information proved to be a
more resilient approach towards election
cybersecurity. This progress has tackled the
transparency and locality issues in election
data storage, with now highly sensitive
electoral information being kept within local
jurisdiction thus significantly minimising
susceptibility from overseas cyber-attacks or
unauthorised access.
Benefits of a holistic approach to
enhance cybersecurity in
elections i.e balancing the
harmonisation of electoral laws
and use of technology with
stakeholder cooperation.
➔ Improved Trust and Confidence
With strong measures in place to
ensure cybersecurity, the electoral
process in Kenya will end trust and
confidence from voters, political
stakeholders, as well as the
international community.
Guaranteeing free, fair and
transparent elections would also
increase the legitimacy of the
electoral process which, in turn,
assures public trust to democratic
system.
➔ Mitigation of Cyber Threats
The measures put in place will help
reduce the risk of cyber threats such
as hacking, data breaches and
unauthorised entry into
election-related systems. It will
equally help prevent external
meddling and editing of electoral
information at an early stage to
protect the democratic process.
➔ Enhanced Data Protection
The secure handling of data
necessary for voter registration,
election outcomes and other relevant
election-related information ensures
the sanctity and security of citizens’
privacy, preserving valuable user
info while being fully compliant with
International Data Privacy Standards.
➔ Transparency and Accountability
Combining digital technology and
cybersecurity measures produce a more
transparent and accountable process for
voting collectively. Safe data transit and
storage, as well as measures against
false or fake news contribute to a clean
electoral environment where it is more
difficult to manipulate election results.
➔ Efficiency and Accuracy
The efficiency and accuracy of electoral
processes are refined through cyber
security measures such as the use of
technology in voter registration,
verification and results transmission.
This will speed up and enhance the
integrity of election results by reducing
wait times, errors and accusations of
mistakes that undermine the electoral
credibility.
➔ International Best Practices
These measures and strides position
the country as an example in
benefiting from technology to deliver
free, fair and secure elections while
promoting cooperation and
experience-sharing with other
nations facing similar challenges.
➔ Resilience Against International
Interference
Through this holistic approach, Kenya
will increase its overall resilience
towards foreign interferences,
cyber-attacks and manipulation of the
electoral system. The approach will
equally lessen weaknesses and shield the
electoral process from foreign
interference.
Potential risks associated with
the holistic approach to election
cybersecurity
➔ Intrinsic Cyber Vulnerabilities
Despite sophisticated measures,
election technologies remain
susceptible to cyber threats such as
malware, hacking attacks etc.
➔ Digital Divide
The introduction of digital voter
registration and verification systems
could exacerbate the digital divide,
limiting access to the electoral
process due to limited access to
digital resources and lack of
technological literacy which can
further lead to low participation and
disenfranchisement.
➔ Legal and Regulatory Challenges
Harmonising electoral laws with data
protection laws may present
regulatory challenges if there is lack
of detailed explanations and clear
guidelines on the handling and
access of data or rights of
stakeholders.
➔ Technological Failures
Failures such as system malfunction,
technical errors during voter
registration and verification could
impact the accuracy and reliability of
the systems.
Recommendations
There is the need for governments,
democracy promoters, civil society groups,
and international organisations to prioritise
election cybersecurity. Clearly, the adoption
of digital technology brings new potential
vulnerabilities to electoral processes.
➔ Stakeholders need to adopt interagency
collaboration, international cooperation,
and the development of cybersecurity
frameworks for electoral purposes.
➔ To strengthen the cybersecurity postures
of electoral management bodies, It is
crucial to designate election technology,
equipment, and processes as critical
infrastructure to receive additional
government assistance.
➔ reviewing electoral laws and updating
international standards to address the
evolving threat environment.
Works Cited
Rose, Mosero. 2022. “In Kenya’s 2022
Elections, Technology and Data Protection
Must Go Hand-inHand”. Pivotal Elections
In Africa, Carnegie Endowment For
International Peace, August 2022.
https://carnegie-production-assets.s3.amazon
aws.com/static/files/202208-Mosero_Kenya
Election_v1.pdf
Osei, Hyiamang. 2022. “How can
Cybersecurity Best Practices Protect
Election Integrity in Advanced and
Developing Democracies?” Marymount
University.
USAID, DAI and IFES. 2022, Briefing
Paper: Cybersecurity of Election Results
Management Systems.
Acheampong, M. (2023). Overpromising
and Under-delivering? Digital Technology
in Nigeria’s 2023 Presidential Elections.
(GIGA Focus Afrika, 2). Hamburg: German
Institute for Global and Area Studies
(GIGA) – Leibniz-Institut für Globale und
Regionale Studien, Institut für
Afrika-Studien.
https://doi.org/10.57671/gfaf-23022
USAID, DAI and IFES. “Understanding
Cybersecurity Throughout The Electoral
Process: A Reference Document” An
Overview Of Cyber Threats And
Vulnerabilities in Elections.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.